Certification Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Certification Survey. These posts contain previously unpublished Certification Survey data.
The ageworn idiom about "pinching" pennies — believed to have originated around the dawn of the 17th century — was largely dormant in the English language until the early years of the Great Depression in the United States. With money scarce, the idea of tightly grasping even the smallest denomination of currency as a metaphor for thrift came roaring back.
In 2023, inflation has driven fears about an economic recession for months. But it's to hard to imagine that, if scarcity suddenly reared its ugly head, the discourse would resurrect an image so dependent on the concept of tangible, physical cold hard cash. Blockchain has yet to become our preferred medium of exchange, but money is still almost entirely digital and electronic.
Almost everything is paid for with credit cards or, to an increasing degree, automated bank transactions. When is the last time that you actually wrote an ink-and-paper check to pay your monthly mortgage installment? How many modern consumers own a checkbook, or would even know what one is?
The digitization of currency and currency transactions, of course, is convenient — but it also carries a sky high degree of risk. Are we capable of securing and protecting everyone's money when money is more virtual than it's ever been before? And who should we be asking that question of? Banks, naturally. But also: Surely you jest.
History has shown that quasi-legal activities, or even just semi-reckless management, can fatally undermine banks. (Silicon Valley Bank, anyone?) Direct criminal interference with banks has the potential to wreak far greater devastation than trading shenanigans or risky investments. And since banks tend to be about as capable of rescuing themselves as a toddler in a lion's den, well ... yikes.
Given the likelihood that government officials are the ones most likely to be left holding a mop and a bucket the next time that there's a financially devastating cyberattack, should those same officials be firm in requesting advance preparation and protection? In our recent Security Certification Survey, we asked what role governments should play in guarding against digital financial upheaval.
Here's how certified information security professionals responded:
Statement 1: Government should aggressively promote cybersecurity protections and preparedness in the financial and banking sector.
Strongly Agree: 45.9 percent
Agree: 40 percent
Neither Agree nor Disagree: 9.7 percent
Disagree: 2.9 percent
Strongly Disagree: 1.5 percent
Statement 2: Government should directly regulate cybersecurity protections and preparedness in the financial and banking sector.
Strongly Agree: 32 percent
Agree: 31.6 percent
Neither Agree nor Disagree: 20.9 percent
Disagree: 10.2 percent
Strongly Disagree: 5.3 percent
Almost everyone who responded to the survey thinks that government should be involved. Roughly 88 percent of those surveyed either agree (46 percent) or strongly agree (40 percent) that government officials should "aggressively promote" a stronger degree of protection and preparedness. Meanwhile, not even a full 5 percent are directly resistant to that notion.
On the other hand, it would seem that there's a line between "aggressively promoting" something and requiring it by law that some would rather not cross. There's still strong support for direct intervention by government officials: Nearly 65 percent of survey respondents either agree (31.6 percent) or strongly agree (32 percent) that directly regulating cybersecurity protection across the banking sector is a good idea.
The group of those unwilling to venture an opinion is nearly twice the size of the fence sitter segment when the keyword is the less forceful "aggressively promote." And 15 percent of respondents either disagree (10.2 percent) or strongly disagree (5.3 percent) with the notion of direct regulation.
It generally takes near-overwhelming disaster to move the needle on government regulation. In that sense, immediate action is probably no closer than the unforeseeable emergence of a globally, or at least regionally, catastrophic cybersecurity breach. In the meantime, well, you may not have any pennies to pinch — but you should at least keep a sharp eye on your online accounts and payment apps.